diff --git a/transformation_test/testdata/windows_event_log_v1/config.yaml b/transformation_test/testdata/windows_event_log_v1/config.yaml
index 20c11c09a7..52d1dd8a99 100644
--- a/transformation_test/testdata/windows_event_log_v1/config.yaml
+++ b/transformation_test/testdata/windows_event_log_v1/config.yaml
@@ -1,4 +1,4 @@
 - type: parse_json
-  time_key: system_time
+  time_key: time
   time_format: "%Y-%m-%dT%H:%M:%S.%L%z"
 - type: windows_event_log_v1
diff --git a/transformation_test/testdata/windows_event_log_v1/input.log b/transformation_test/testdata/windows_event_log_v1/input.log
index 0f376a6b4f..a5716eb973 100644
--- a/transformation_test/testdata/windows_event_log_v1/input.log
+++ b/transformation_test/testdata/windows_event_log_v1/input.log
@@ -1,2 +1,2 @@
-{"channel":"System","computer":"test-computer","event_data":{"binary":"12345","data":[{"param1":"Windows Modules Installer"},{"param2":"running"}]},"event_id":{"id":4444,"qualifiers":33333},"execution":{"process_id":222,"thread_id":0000},"keywords":["Classic"],"level":"Information","message":"The Windows Modules Installer service entered the running state.","opcode":"0","provider":{"event_source":"Service Control Manager","guid":"{11111111}","name":"Service Control Manager"},"record_id":1111,"system_time":"2025-07-02T20:38:45.026077400Z","task":"0"}
-{"channel":"System","computer":"test-computer","event_data":{"binary":"12345","data":[{"param1":"Software Protection"},{"param2":"stopped"}]},"event_id":{"id":4444,"qualifiers":33333},"execution":{"process_id":222,"thread_id":0000},"keywords":["Classic"],"level":"Information","message":"The Software Protection service entered the stopped state.","opcode":"0","provider":{"event_source":"Service Control Manager","guid":"{11111111}","name":"Service Control Manager"},"record_id":1111,"system_time":"2025-07-02T20:39:32.339006100Z","task":"0"}
+{"channel":"System","computer":"test-computer","event_data":{"binary":"12345","data":[{"param1":"Windows Modules Installer"},{"param2":"running"}]},"event_id":{"id":4444,"qualifiers":33333},"execution":{"process_id":222,"thread_id":0000},"keywords":["Classic"],"level":"Information","message":"The Windows Modules Installer service entered the running state.","opcode":"0","provider":{"event_source":"Service Control Manager","guid":"{11111111}","name":"Service Control Manager"},"record_id":1111,"system_time":"2025-07-02T20:38:45.026077400Z", "time":"2025-07-02T20:38:45.026077400Z","task":"0"}
+{"channel":"System","computer":"test-computer","event_data":{"binary":"12345","data":[{"param1":"Software Protection"},{"param2":"stopped"}]},"event_id":{"id":4444,"qualifiers":33333},"execution":{"process_id":222,"thread_id":0000},"keywords":["Classic"],"level":"Information","message":"The Software Protection service entered the stopped state.","opcode":"0","provider":{"event_source":"Service Control Manager","guid":"{11111111}","name":"Service Control Manager"},"record_id":1111,"system_time":"2025-07-02T20:39:32.339006100Z", "time":"2025-07-02T20:39:32.339006100Z","task":"0"}
diff --git a/transformation_test/testdata/windows_event_log_v1/output_fluentbit.yaml b/transformation_test/testdata/windows_event_log_v1/output_fluentbit.yaml
index 5ad0428168..e3222f4c95 100644
--- a/transformation_test/testdata/windows_event_log_v1/output_fluentbit.yaml
+++ b/transformation_test/testdata/windows_event_log_v1/output_fluentbit.yaml
@@ -23,6 +23,7 @@
         guid: "{11111111}"
         name: Service Control Manager
       record_id: 1111.0
+      system_time: 2025-07-02T20:38:45.026077400Z
       task: "0"
     logName: projects/my-project/logs/transformation_test
     timestamp: 2025-07-02T20:38:45.026077400Z
@@ -50,6 +51,7 @@
         guid: "{11111111}"
         name: Service Control Manager
       record_id: 1111.0
+      system_time: 2025-07-02T20:39:32.339006100Z
       task: "0"
     logName: projects/my-project/logs/transformation_test
     timestamp: 2025-07-02T20:39:32.339006100Z
diff --git a/transformation_test/testdata/windows_event_log_v1/output_otel.yaml b/transformation_test/testdata/windows_event_log_v1/output_otel.yaml
index 42fe1b9ca5..0972e24078 100644
--- a/transformation_test/testdata/windows_event_log_v1/output_otel.yaml
+++ b/transformation_test/testdata/windows_event_log_v1/output_otel.yaml
@@ -13,6 +13,8 @@
       StringInserts:
       - param1: Windows Modules Installer
       - param2: running
+      TimeGenerated: 2025-07-02T20:38:45.026077400Z
+      TimeWritten: 2025-07-02T20:38:45.026077400Z
     logName: projects/my-project/logs/my-log-name
     resource:
       labels:
@@ -34,6 +36,8 @@
       StringInserts:
       - param1: Software Protection
       - param2: stopped
+      TimeGenerated: 2025-07-02T20:39:32.339006100Z
+      TimeWritten: 2025-07-02T20:39:32.339006100Z
     logName: projects/my-project/logs/my-log-name
     resource:
       labels: